Abstract: The described technology provides for plural application processes including at least one application in a browser to reliably acquire device information that can be used by other processes to accurately determine whether the plural applications are running on the same client device and/or are associated with aspects of the same client device. The more reliable determination of the devices associated with respective application processes can be used for various purposes such as, for example, user access management capabilities such as improved single sign-on (SSO) capability and/or improved multiple login prevention (MLP) capability.

Abstract: Techniques are disclosed relating to sharing access to electronically-secured property. In some embodiments, a first computing device having a first secure element receives, from a second computing device associated with an owner of the electronically-secured property, an indication that the second computing device has transmitted a token to server computing system, the token permitting a user of the first computing device access to the electronically-secured property. Based on the received indication, the first computing device sends a request for the transmitted token to the server computing system and, in response to receiving the requested token, securely stores the received token in the first secure element of the first computing device. The first computing device subsequently transmits the stored token from the first secure element of the first device to the electronically-secured property to obtain access to the electronically-secured property based on the token.

Abstract: There is a growing problem in correctional facility telecommunications systems in which parties on a voice call may connect inmate callers with restricted parties. Prison communication systems monitor calls to prevent such activity, but in Voice over Internet Protocol (VoIP) environments such systems may fail to detect this activity. The present disclosure provides details of a system and method for using SIP messages common in VoIP environments to detect illicit activity initiated by a party on a voice call within a controlled environment. Scenarios are detected in which a called party connects an inmate caller to a restricted party via three-way call conferencing, call forwarding, or other call features. Corrective actions are then taken when such activity is detected, such as call blocking or alerting officials illicit activity is occurring.

Abstract: Embodiments of the prevent invention provide a network access authentication method and device. The method comprises: receiving an authentication request message sent by a first serving network, wherein the authentication request message carries a user equipment pseudonym identifier generated by a user equipment; determining whether a local user equipment pseudonym identifier is asynchronous with the user equipment pseudonym identifier generated by the user equipment; and obtaining, if the determination result is yes, an encrypted international mobile subscriber identity (IMSI) to carry out network access authentication on the user equipment. The embodiments of the present invention can solve the problem that a network access process in the related art does not provide a processing method for the case where the user equipment pseudonym identifier in the user equipment is asynchronous with the user equipment pseudonym identifier in a home network.

Abstract: Methods and systems for enhancing remote desktop experiences are described herein. A computing device may launch a remote desktop session. During the remote desktop session, the computing device may receive user input requesting a file to be launched at the computing device using a native application. The computing device may receive, from a remote desktop server, the file. Using a local application, the computing device may launch the file.

Abstract: Techniques are provided for client application authentication and include receiving a request to authenticate an application and, based on the received request to authenticate the application, sending a request to perform a push communication, including a short-term shared key, to a digital distribution system, wherein the digital distribution system is a distribution source of the application. The digital distribution system attempts to send the push communication including the short-term shared key to the application. The techniques may proceed by receiving a request for resources from the provider client application and determining whether the application has the short-term shared key. When it is determined that the application has provided the short-term shared key, the requested resources to the application may be provided, otherwise, the requested resources may be denied.

Abstract: A method includes a data processing system creating a proxy for a virtual vault to access a data owner system in accordance with a temporary credential protocol, where the proxy is the only conduit between the virtual vault and the data owner system. The method continues by the proxy receiving a request from a virtual machine within the virtual vault, requesting data from the data owner system. When the request is valid, the method continues by the proxy creating a data retrieval request based on the request and data access credentials associated with the data owner system. The method continues by the proxy forwarding a data response from the data owner system to the virtual machine. The method continues by the data processing system deleting the proxy and the virtual vault when a data query has been completed, where the request is in accordance with the data query.

Abstract: A system for location-aware authentication is configured to receive an authentication request associated with an identifier of a user for accessing an application and retrieves user information associated with the identifier and the application. The system then determines that the user information includes a geofence and information associated with a device of the user. Based on the geofence and the device information, the system sends a geolocation data request to the device, causing the device to gather and send the device's current geolocation data to the computing system. A data structure is generated to store data related to the device's current geolocation and sent to the application, which in turn causes the application to grant or deny the authentication request.

Abstract: A method for a story fill authentication process includes, responsive to receiving a first authentication request to authenticate a user, displaying a first generated story with one or more obfuscated portions, where the first generated story is based on event data associated with a first previously captured event and additional data utilized to enrich the event data for the first previously captured event. The method also includes, responsive to determining text provided for the one or more obfuscated portions of the first generated story at least meets a comparison threshold level to a first complete generated story based on a semantic comparison, granting the user access to a resource associated with the first authentication request.

Abstract: Embodiments for processing authentication tokens in a system with multiple Representational State Transfer (REST) servers and clients. An intelligence process for multiple processes or multiple REST clients in an OS effectively communicates with multiple REST servers and proactively manages each server's authentication token. A shared library is loaded into a process that uses shared memory to manage the generation and expiry of a token and to communicate with a supported REST server through a single function call. The REST Authentication token will be generated for each REST server and stored in the shared memory which will be reused across multiple processes that use the library. The REST token will be validated for each function call.

Abstract: Methods, systems, and apparatus, including computer programs encoded on a computer storage medium, for processing requests for digital components. A method includes receiving a request from a client device for a digital component generated by a first SDK installed at a client device, examining data fields of the request by servers, generating real-time requests by the servers, and transmitting each real-time request to a third-party digital component provider by the servers. The method further includes receiving responses to the real-time requests from the third party digital component provider by the servers, selecting a particular response to transmit to the client device responsive to the request for the digital component by the servers, and transmitting the particular response to the first SDK with instructions specifying which SDK installed at the client device is required to render a digital component included in the particular response by the servers.

Abstract: In some embodiments, an exemplary access controlling network architecture may include: a computing device, configured to: receive application program instruction to display an access controller interface element and a multi-part multi-functional access control, where the access controller interface element is: communicatively coupled to a cellular network hosted access controlling schema and operationally linked to at least one access-restricted digital resource; where the multi-part multi-functional access control sequence includes: a symbol, an access code, and a particular access control digital key; transmit an access request having: the multi-part multi-functional access control sequence and an identity linked to the computing device; receive, in response to the access request, a program instruction to unlock the at least one access-restricted digital resource for accessing via the computing device after the access code has been accepted by the cellular network hosted access controlling schema and the pa

Abstract: Disclosed are systems, methods, and non-transitory computer-readable storage media for providing access to a hybrid web application offline. In some implementations, a computing device can be configured with a hybrid application that includes a native layer and a web view. The native layer can provide access to native features of the computing device while the web view can provide web client features, such as graphical user interfaces and server communication functionality. When the computing device is offline and the hybrid application is invoked, the native layer can load from local storage a resource bundle including the web code needed to present the web view graphical user interface, and/or facilitate communication with the web server. Similarly, when the computing device is offline, the hybrid application can load previously stored content items into the web view from local storage through the native layer so that the user can work with the content items offline.

Abstract: A system in a vehicle includes one or more sensors configured to obtain occupant information from an occupant utilizing at least facial information of the occupant. The system also includes a controller in communication with the one or more sensors. The controller is configured to determine an application policy associated with one or more applications of the vehicle and execute the one or more applications in response to facial information exceeding a first authentication layer or second authentication layer associated with the application policy.

Abstract: Techniques for sharing secrets over one or more computer networks using proxies are provided. In one technique, a proxy server receives, from a client device, over a computer network, a request for a secret. In response to receive the request, the proxy server causes a tunnel to be created with a resource server that is separate from the client device, retrieves the secret from a secrets repository, and causes the secret to be transmitted through the tunnel to the resource server.

Abstract: Confirming user consent includes prompting the user to tap a card a card reader or a computing device and confirming consent in response to the user taping the card. The user may be prompted for a response in a plurality of possible responses and only a particular one of the possible responses may require taping the card. The user may consent to installation of software on the computing device. The user may be logged in to the computing device. A login ID for the user may be cached and/or may be accessed in connection with the user tapping the card. Confirming user consent may also include obtaining a pairing code for accessing the card and confirming consent in response to the user taping the card and the pairing code allowing access to the card. The pairing code may be cached in the card reader or the computing device.

Abstract: Embodiments of the disclosure provide a method for enhancing standard authentication systems to include risk-based decisions. Risk-based decisions can be selectively implemented within existing authentication systems to strategically modify and supplement security if an unacceptable risk is detected. Embodiments capture information pertaining to a user and user device. Information is stored to create a profile for the user and user device. A comparison between the stored information and live data can be performed within authentication systems to optimize security. If the results of the comparison demonstrate the presence of an acceptable risk, then the need for subsequent authentication can be reduced or eliminated, which improves a user experience.

Abstract: The present invention provides a method of allowing a wearable device connected to a user equipment device to communicate with a mobile communications network, wherein the user equipment device transmits non-access stratum messages to the mobile communications network for performance of an identification and an authentication of the wearable device in the mobile communications network and monitors transmissions sent by the mobile communications network in paging occasions, wherein paging occasions for paging messages intended for the wearable device are time aligned with paging occasions for paging messages intended for the user equipment device.

Abstract: A computer-implemented method includes receiving an authentication request from an external device for authenticating an application on the external device, and receiving a plurality of information items in connection with the authentication request from a plurality of different externally residing information sources. The authentication request is then evaluated, which includes evaluating each of the plurality of information items, to determine an authentication status of the application. Based on the authentication status, the device is then selectively permitted access to private information through the application. A computer system and/or machine-readable media may be provided to perform some or all steps of the method.

Abstract: An electronic device, method and computer program product enable detecting user attention to dynamic content and enabling subsequent user access. The electronic device includes display device(s), a memory containing application(s) and a content monitoring supervisor (CMS) application, and a controller. The controller is communicatively coupled to the display device(s) and the memory and which executes the CMS application to configure the electronic device to perform functionality. The functionality includes retrieving content requested by the application(s). The functionality includes presenting at least a portion of the content on the display device(s). The functionality includes storing information associated with a particular portion of the content in response to determining that the particular portion has been viewed by a user of the electronic device for more than a time threshold.

Abstract: Methods and systems for authentication using multiple identity providers are described herein. A first identity provider may receive, e.g., from a second identity provider, an indication of an authentication request. The first identity provider may retrieve, from a storage device, session information associated with the request. The first identity provider may authenticate, using one or more first functions, based on the session information, and based on authentication credentials received from a user, the user. Based on the authentication, the first identity provider may modify the session information. The second identity provider may authenticate, based on the session information and using one or more second functions, the user. The one or more second functions may comprise providing the user a token based on the session information. The session information may be subsequently deleted.

Abstract: Techniques provided herein relate to electronic data access requests. An access system receives at least one electronic data action request from a client. At least a portion of the data access authentication information is sourced from a secondary device connected to an intermediary device. The electronic data action request is authenticated based upon the data access authentication information.

Abstract: Systems and methods are disclosed for performing location-based authentication using location-aware devices. One method includes: receiving an access request comprising authentication credentials and a first location from a first location-aware device; receiving a second location from a second location-aware device associated with the authentication credentials; and upon determining that the first location and second location are within a pre-determined distance, authenticating the authentication credentials.

Abstract: An example method of secure attestation of a workload deployed in a virtualized computing system is described. The virtualized computing system includes a host cluster and a virtualization management server, the host cluster having hosts and a virtualization layer executing on hardware platforms of the hosts. The method includes: launching, in cooperation with a security module of a host, a guest as a virtual machine (VM) managed by the virtualization layer, the security module generating an attestation report from at least a portion of the VM loaded into memory of the host; sending the attestation report from the security module to a trust authority; receiving, in response to verification of the attestation report by the trust authority, a secret from the trust authority at the security module; and providing the secret from the security module to the guest.

Abstract: Systems and methods are provided for a media provider to allow a user to access media objects with a third-party partner that authenticates the user and authorizes the user to access certain media objects. The media provider offers access to media objects, such as video content or audio content. The partner, through a relationship with the media provider, similarly offers access to the media provider's media objects, for example, as a service or benefit to the partner's customers or users. In particular, a partner integration server mediates user authentication and authorization by the partner. The partner integration server also allows the media provider to easily and flexibly to add and integrate additional partners.

Abstract: Aspects of the disclosure relate to providing cloud computing resources from one or more cloud service providers for a client computing device through a computing platform. The client computing device may benefit from an economy of scale while being able to obtain different types of cloud services over a plurality of cloud providers. The client computing device may request an initial amount of cloud services and subsequently may request cloud services that utilize a requested amount of cloud resources. The requested amount of cloud resources may be apportioned among the plurality of cloud service providers, to provide the requested cloud service. The computing platform may also support a cloud abstraction layer interacting between client computing device and one or more cloud providers so that the client computing device can obtain cloud service in a transparent manner.

Abstract: The present invention disclose a key distribution method. The method includes obtaining, by a first key management system, a shared key of a first network element, where the shared key of the first network element is generated according to a key parameter obtained after the first network element performs authentication or a root key of the first network element; obtaining a service key, where the service key is used to perform encryption and/or integrity protection on communication data in a first service between the first network element and a second network element; performing encryption and/or integrity protection on the service key by using the shared key of the first network element, to generate a first security protection parameter; and sending the first security protection parameter to the first network element. According to present invention, data can be protected against an eavesdropping attack in a sending process.

Abstract: A computerized system conducts customer identification processing for customers who remotely open accounts with personal identification information that cannot be verified through available data sources. The system receives a portion of identity data in response to a request for the customer to provide the portion of identity data from a customer identification document during a financial transaction. The system updates an identity profile of the customer by combining the portion of identity data with different portions of previously received identity data that were previously received from different merchants during transactions between the customer and the different merchants. Based on comparing the identity profile to unverified identity data of the customer, the system determines whether to maintain or terminate the account.

Abstract: Techniques for receiving operational preferences for operating network devices, and determining software updates for the network devices based on the operational preferences. A recommendation system may determine a group of network devices in a device network based on the network devices in the group performing a common functional role or have common attributes. The recommendation engine may further receive the operational preferences for the group of network devices from a user associated with the device network. These operational preferences may be continuously, or periodically, evaluated against actual operating conditions of the group of network devices to determine whether a risk metric associated with the actual operation conditions violates an operational preference. In some instances, the recommendation system may provide the user with access to a recommendation to run updated software that is more optimized for the network device and that satisfies the operational preferences of the user.

Abstract: A shared storage system that is optimized for post-production workflows that use NLEs such as Final Cut Pro X, DaVinci Resolve, Premiere and Avid is disclosed. Further, shared storage systems comprising workstations and shared storage systems, such as NAS devices, are disclosed that optimize workstation settings based on a database of optimal configuration settings to provide optimal bandwidth, minimal latency and stable performance for digital content creation/editing workflows that use file exchange between the workstation and the shared storage system. Novel methods and systems for storage systems are disclosed that configure and expose share drives in novel ways to facilitate video editing, audio editing and compositing.

Abstract: A system and method includes receiving, via a fiber optic cable, an analog fiber optic signal that preserves native radio frequency (RF) energy characteristics of at least one first RF signal associated with at least one wireless device, and converting, by a light-to-RF converter, the received analog fiber optic signal into at least one second RF signal. The system and method can further comprise analyzing, by a processor, the at least one second RF signal and generating, by the processor, at least one digital signature associated with the at least one wireless device, respectively, based on the analysis of the at least one second RF signal. The system and method yet further comprise determining, by the processor, if the at least one wireless device associated with the at least one digital signature, respectively, is one of an authorized device and an unauthorized device.

Abstract: A live web camera feed and streaming transmission system and method for gathering, identifying and authenticating biometric data of a specific human being while constantly monitoring, tracking, analyzing, storing and distributing dynamic biometric data to ensure authorized access to the secured system continues via positive live feed monitoring of biometric data for participating computer systems and or programs. Multiple, correlative, inseparable, embedded serial numbers allow for editing within a live video recording session because the serial numbers are “attached” to one another from frame to frame. The degree of identity verification correlated with the various serial numbers, directly affects an indelible, detectible, identity verification cumulative authentication rating score in conjunction with a recognizable and standardized, indelible, detectible, hyperlinked color-coded security badge displaying the degree of identity authentication.

Abstract: A third-party server, delegated by organizations to manage application environment, may maintain a plurality of guided workflow plans. At least one of the guided workflow plans may include one or more steps associated with setting up an interaction control policy. The third-party server may receive an interaction report associated with the organization. The interaction report may include metadata of one or more devices that interacted with other devices. The third-party server may identify a particular device to which existing interaction control policies of the organization are inapplicable. The third-party server may search for additional out-of-band information of the particular device using the metadata in the interaction report. The third-party server may select an applicable guided workflow plan for setting up an applicable interaction control policy for the particular device. A guided workflow may be presented via a graphical user interface according to the applicable guided workflow plan.

Abstract: A security device provisioning hub, including: a memory; and a processor configured to: receive a first secret token from a device manufacturer, wherein the first secret token is associated with a first service; receive a second secret token from a customer device having a security chip; verify that the first secret token and the second secret token are the same; and provide to the customer device access credentials to the first service.

Abstract: A method includes receiving, at a native application, access credential data and providing the access credential data from the native application to a headless browser. The method also includes initiating a secured connection from the headless browser to a remote server that hosts a website. The remote server supports access to secured data without relying on an application programming interface. The method also includes sending, by the headless browser via the secured connection, the access credential data to the remote server. The method also includes receiving first web page data of the website from the remote server via the secured connection and parsing the first web page data to identify user-specific data. The method further includes receiving, by the headless browser via the secured connection, at least a portion of the secured data.

Abstract: A network system includes at least one server device and at least one terminal device that accesses any of the at least one server device. The terminal device authenticates a network address between the terminal device and any of the at least one server device and communicates data with any of the at least one server device. When the server device receives a request from the terminal device, it provides a service in accordance with the authenticated network address held by the terminal device that has issued the request.

Abstract: A trusted session is to be established between a smart speaker and a computer server. The computer server may receive an instruction to initiate a trusted session with the smart speaker. The instruction includes an indication of an account linking token for linking a first and second account associated with the smart speaker and the computer server, respectively. The computer server generates a session token and sends it to the smart speaker for acoustic signalling. The acoustic signal is captured by a mobile device and used to reconstruct the session token. The computer server receives the reconstructed session token along with identifying information from the mobile device. The computer server system uses the identifying information to confirm that the mobile device is associated with the second accord. Upon so confirming, the computer server may establish a trusted session between the first smart speaker and the computer server system.

Abstract: Systems, methods, and computer-readable storage devices to enable virtual API technology embodied in an SDK for use within a mobile application, a mobile payment wallet, or a mobile operating system.

Abstract: Signed digital certificates can be automatically obtained from a trusted certificate authority. For example, a computing device can receive a request associated with a handshake procedure for establishing a secure session between a client device and a server. The request can indicate a trusted certificate authority that issues signed digital certificates. The computing device can determine that a local key store that is local to the server does not have a signed digital certificate issued by the trusted certificate authority and responsively obtain the signed digital certificate from the trusted certificate authority. The computing device can return the signed digital certificate back to the client device as part of the handshake procedure to establish the secure session.

Abstract: An order completion system and method are described. In some implementations, the system may execute the method which includes receiving an order from a user that includes a retail component; determining that a profile identification (ID) of the user is associated with prescription information of the user; forming a consolidated order by adding one or more eligible prescriptions associated with the user to the retail component of the order using the prescription information. The method may further include applying transaction rules to the consolidated order to determine whether the consolidated order is eligible for a single input authorized checkout; and responsive to determining whether the consolidated order is eligible for the single input authorized checkout, presenting to the user via a user interface, a prompt for the user to complete the consolidated order using the single input authorized checkout.

Abstract: An authentication system may receive a request signature corresponding to a user request to view secure user information on a user device and generate a server-side signature matching the request signature to authenticate the user device to receive the secure user information without authenticating the user. The request signature may include a device identifier corresponding to the device, a token code generated by the authentication system and stored by the user device, a timestamp corresponding to the transmission time of the request signature, and a version of the device identifier, the token code, and the timestamp encrypted using a signature key provided to the user device by the authentication system. The authentication system may generate the server-side signature using the timestamp and stored copies of the device identifier, the token code, and the signature key.

Abstract: The disclosed computer-implemented method for securing authentication procedures includes (i) monitoring, by a third-party security application, to detect reception of a second factor authentication token as an input to complete a second factor authentication procedure in connection with a second application that is independent from the third-party security application, (ii) verifying, by the third-party security application, whether or not the second factor authentication token was transmitted by a valid server in coordination with the second application as part of an authentic version of the second factor authentication procedure, and (iii) performing a security action to protect a user account based on a result of verifying whether or not the second factor authentication token was transmitted by the valid server in coordination with the second application as part of the authentic version of the second factor authentication procedure.

Abstract: The present disclosure relates to an authentication method of a first device by a second device, each first, second device having a processor, at least one memory, and an authentication circuit, in which the authentication circuit is configured to prohibit the processor from reading data stored in at least part of said memory. The authenticating includes generating a first datum, and a second datum. The second device verifies that the first and second data match.

Abstract: A first application name is received. For example, the first application name may be the name of the application, a Universal Resource Locator (URL) of a web site (e.g., microfocus.com), and/or the like. The first application name represents a computer application of a plurality of computer applications that the user logs into. A global password is received from the user. The global password is used as a seed to login to the plurality of computer applications. The global password is converted to a phonetic password. A first application password is generated for the first computer application based on the first application name and the phonetic password. For example, the first application name and the phonetic password are used as an input to a key deviation function. The first application password is then displayed to the user. The user can then use the displayed password to login to the first application.

Abstract: A method for accessing a service system includes: receiving fingerprint information of a to-be-verified terminal device and identification information of a to-be-verified user from a login computer system based on a service access instruction to access the service server; verifying, according to the fingerprint information of the to-be-verified terminal device and the identification information of the to-be-verified user, whether the to-be-verified terminal device is a specified device of the to-be-verified user based on a specified device database, the specified device database comprising identification information of each user and fingerprint information of a specified device of each user; determining, according to a result of the verifying, whether to allow the login computer system to access the service server according to the service access instruction; and if yes, sending a notification to the login computer system to enable the login computer system to access the service server.

Abstract: A system for avoiding an access conflict between a plurality of devices that access an IC module. The system includes a first device and a second device that can access an IC module used in an electronic money system. The second device has the function of detecting waves having a predetermined pattern to indicate that the first device is accessing the IC module. These waves may be continuously generated from the first device or may be continuously generated from another device installed near the first device, and when the second device detects the waves having the predetermined pattern, the second device refrains from accessing the IC module. This allows the system to implement autonomous conflict control between a plurality of devices that access the IC module that does not have an adequate conflict control function without providing a special control circuit.

Abstract: According to one aspect disclosed herein, a provider device can receive, from a requester device, a network access request requesting, on behalf of the requester device, access to a Wi-Fi network associated with a network provider and provided, at least in part, by a network device. In response, the provider device can prompt the network provider to accept or deny the requester device access to the Wi-Fi network. The provider device can receive input indicating that the network provider accepts the network access request, and in response to the input, can create a network access package that includes a secure network access configuration to be utilized by the network device to establish, at least in part, a secure connection with the requester device to provide the requester device access to the Wi-Fi. The provider device can encrypt the network access package to create an encrypted network access package.

Abstract: Methods and systems for management of subscriber identities associated with user devices are described herein. The user device may enroll the user device to a server and lock a subscriber identity associated with the device by setting a password on the subscriber identity. If a credential entered by a user is verified, the subscriber identity associated with the device may be unlocked. Alternatively, the user device may retrieve one or more identities associated with the user, the user device and/or the subscriber identity. A server may register the one or more identities with a database. If the user device sends a request to connect to the network, the server may verify the one or more identities retrieved by the user device to determine whether to grant access from the user device to the network.

Abstract: Various methods, apparatuses/systems, and media for implementing a smart database driver are disclosed. A receiver receives a request for establishing a connection between an application and a target database. A processor, operatively coupled to the receiver via a communication network, authenticates the application by implementing a java authentication authorization service (jaas). Authentication of the application is performed at runtime with connection properties and configuration details provided via system properties or environment variables. The processor also generates a database connection uniform resource locator (URL), validates the URL; and establishes a connection between the application and the target database based on the validation of the URL and successful authentication of the application.

Abstract: A device may receive, from a contactless card, a uniform resource locator (URL) and encrypted data. The device may download a first application from an application server based on the URL. The device may download and execute the first application. The first application may receive the encrypted data.